Future Challenges in the LI of IP based Telecommunication

DigiTask - Who we are and what we do

- Special Telecommunication Systems for Law Enforcement Agencies (LEA)
- Development of special solutions for the needs of LI
- Located in the middle of Germany
- DigiTask has many years of overall experience in LI systems
- DigiTask is the market leader for LI in Germany
- DigiTask is privately owned and independent


DigiTask - Who we are and what we do

- The LI systems cover the following input interfaces:
• ISDN - BRI and PRI, X.25, IP, FTP, ATM
- with recording of
• Voice, Fax, Data
• Modular and flexible in extensions
- Implementation of European (ETSI) and National Regulations
• TS 101 671, TS 33.108, TS 102 232, TR TKU, ...
- DigiTask is a full member of ETSI

DigiTask - Who we are and what we do

- Main Products
• Database supported Investigation System "DigiBase"
- Automatic correlation of CC/IRI
- User friendly and intuitive GUI
- Wide functionality for investigation, combination and annotations for recorded data
• Database supported Analysing System "DigiNet II"
- Real time decoding of all standard internet traffic protocols

DigiTask - Who we are and what we do

- Main Products (continued)
• Database supported Analysing System "DigiNet II"
- Decoding of proprietary protocols
- Special tools for presentation
• Mass Storage solutions up to 1 PetaByte and more
• Storage Management solutions
• WiFi-Catcher
• Support for core area of private life
• Onsite training

DigiTask - Who we are and what we do

- Main Products (continued)
• Own Mediation Device
- Complete LI Data in one hand from ISP to LEA
- Sniffer solution
• Geo-Tracking
• Geo-Region and Geo-Live
• Additional special solutions

The New Internet

- Yes, I know the internet!
A statement frequently heard.
- Various new applications/services arise
• Second Life, World of Warcraft
• Dynamic WebPages, RSS, ...
- New communication protocols appear daily without notice
- There are a lot of questions
• Who is able to review and investigate the new information?
• What about the increasing encrypted communication?

DigiTask provides solutions and not additional problems and speculations!

DigiNet - Decoding of Internet Traffic Protocols

- Live decoding and visualisation
- Modular decoder implementation
- Extensive data retrieval, investigation and different user defined filters
- Functions for annotation and marking
- Supported protocols
• HTTP, POP3, SMTP, IMAP, FTP, TELNET
• VoIP (H.323, SIP), MMS, Webmail
• IRC, AIM, ICQ, MSN, PalTalk, Yahoo
• PeerToPeer - eMule/eDonkey, BitTorrent
• SSL and Skype (only recognition) in conventional LI

DigiNet - Decoding of Internet Traffic Protocols

- The number of protocol decoders is continually expanded
- Storage on web server
- Secure Analysis
- Use of terminal server or virtualisation to prevent network from viral infection
- Search in decoded results
- Processing possibilities
• Marking (colouring)
• Text reports
• Search tool for marks and text

Use of Smart Tools for Investigation

- SPAM filter
• Decrease of data to investigate
• User defined
• More overview in analysing results
• Focus on important data
• Works on all protocols
• Works immediately after definition and activation

Use of Smart Tools for Investigation

- Neural network
• Statistical procedure
• Based on input data
• Automatic correlation between data and objects (target, person) after training
• Different profiles multithreading
• Self learning after new training
• Result for each profile

Use of Smart Tools for Investigation

- Classification of decoded internet data
• Behaviour of target while surfing the web or using other services
• Preferences in communication
• Manual classification
- Ineffective
- Time wasting
• URL classification
- Allocation into classes
- Classes are measurements for importance

Use of Smart Tools for Investigation

- Keyword Spotter
• Statistical procedure
• Recognition of speaker
• Topic spotter
- Voice
» PSTN or IP
• Live streaming
• Results
- Position within a file
- Success probability
- Storage in central database for further investigation
- Supports more than 20 languages

Use of Smart Tools for Investigation

- RAW Data Inspection
• Interface for 3rd party tools
• 1st step analysis for newly released communication protocols
• Designed for specialists at LEA
• Deep view into packets of intercepted data
• Approved standard tool Wireshark with special LI Header Plugins
• Adjustable to additional needs

[Screenshot: 12450100042c0000000bdsl.pcap - Wireshark]

DSL ASN.1 Data
    ASN.1 DSL version: 3
    ASN.1 Decoding Status: 0
    HEADER
        lid: 11111
        Authorization country code: de
        Domain id: 0.4.0.2 …
        Sequence Number: 1
        communication id
    PAYLOAD
        Packet count: 1
        Packet Number: 0
        Payload Type: T_DSLT_CCContents_iPCC (2)
        IP offset: 64
Internet Protocol, src: 192.168. …
User Datagram Protocol, src Port: 28626 …
Data (61 bytes)

Use of Smart Tools for Investigation

- WiFi-Catcher
• Modular unit for interception of WLAN traffic
• Main features
- Catching/Recording of data
- Presentation of decoded data
- Mobile usage
- One channel interception
- Multi channel interception (14 channels)
• Cracking of WEP encrypted traffic
• Intersection of MAC address
• Building of negative sessions
• Supports standards 802.11a, 802.11b, 802.11g, 802.11n

Use of Smart Tools for Investigation

- Core area of private life
• Law in Germany
• Information in CC about private life has to be deleted
• Two aspects
- Recorded voice delivered via ISDN
» Indication and deletion of raw data
- Recorded Data delivered via ISDN or IP
» Raw data has to be analysed by various decoders before presentation
» Indication and deletion of decoded data
» Raw data will be unaffected

Problems and Risks for Lawful Interception

- Let us return to Web 2.0, Internet 3.0
• Further development of security standards
• Secure communication between dedicated users
• Privacy protection
• Result and conclusion
» Communication which can be intercepted with LI is decreasing

DigiTask Product Innovation

- Development of Remote Forensic Software
• Encrypted communication like Skype or SSL can be made visible
• Please visit our demonstrations in track 5
• We like to meet you on
- Thursday, October 2nd 2008
» 14:30h - 15:30h Live demonstration: DigiNet II
» 16:00h - 17:00h Live demonstration: Remote Forensic Software

Visit our booth in main exhibition hall
Arrange presentation at your location

Perspective

Complete LI from DigiTask
Competence based on innovation

Thank you.

- Continuous further development to decode and present intercepted data
- Indication of contents concerning private life
- Inhouse demonstration at LEA



